Dirty Web Promotion Tricks #1 - Legitimate and Malicious Javascripts

by: Michael

One of the best way to get visitors to further explore your site is to
convince them to set your home page as their Internet start page, or
for them to add you their "Favorites". In this article, we'll examine
some ethical and unethical ways this is done.

Many
sites include legitimate javascripts that allow visitors to easily add
a page to their "Favourites" by clicking on a link. A script to achieve
this would look like something along the lines of:

=======================================================================
SAMPLE Legitimate "BOOKMARKING" SCRIPT:

<script LANGUAGE="JavaScript">

//Free for Redistribution. (C) Michael Bloch from WWW.TAMINGTHEBEAST.NET
//Please do not remove these comments. This script can be use within tables.
//Suitable for most 4+ Browsers. Copy and paste into a text editor first,
//change the YOURSITE details to suit, then paste into appropriate area
//between <body> and </body> tags in HTML. Visit Taming the Beast for a
//wide selection of Web development tools and articles!

if ((navigator.appName == "Microsoft Internet Explorer")
&& (parseInt(navigator.appVersion) >= 4))
{
var url="HTTP://WWW.YOURSITE.COM/";
var title="YOURSITE DESCRIPTION (this will appear on bookmark text)";
document.write('<A HREF="javascript:window.external.AddFavorite(url,title);"');
document.write('<small>Bookmark YOURSITE!</small>
');}
else {
var msg = "Bookmark YOURSITE!";
if(navigator.appName == "Netscape") msg += " - press(Ctrl-D) on your keyboard.";
document.write(msg);
}
</script>
========================================================================

This
script should work well in most 4+ browsers. It is as simple as I could
make it, and was put together using a number of free scripts available
as a reference. There are many other scripts available that allow for
the use of images and status bar text.

In this script:

-
When Netscape is detected, it only displays a message suggesting that
the visitor uses the Ctrl+D command to bookmark the page and the
scripting will not appear in the source code of the page.

- In
Internet Explorer, it will add your homepage to this visitor's
"Favorites" from any page in the site - along with a custom description
you specify in the script.

- Other types of javascript enabled
browsers will only display the suggestion to bookmark (no keyboard
commands as this can vary browser to browser), and the script will not
be displayed in the source code.

Unfortunately, some companies do not use ethical methods to gain a valued place in a visitors Favorites or bookmarks.

On
visiting a web design resource site the other day via a search engine
link, my anti-virus program jumped up and alerted me with the following:

"real-time protection has found that C:WINDOWSTEMPORARY INTERNET FILESCONTENT.IE5S3QFQF0XADVERTS[1].HTM is JS.IEStart trojan."

I
hadn't clicked on anything! This script had been activated simply
through me visiting the page. There were no warnings on the page that
this was going to occur. What the javascript had done was to reset my
"home" page and added entries to "My Favourites"! I examined the script
that had caused it occur and while I won't publish it here for obvious
reasons, I can assure you that it would qualify as a "scumvertising"
tactic.

When restarting IE I found that via an ezine site and
another marketing company (from where the script was called), I was
being redirected to a very well known software companies' home page. In
total, there were 4 companies involved in this particular incident - I
look forward to the responses to the emails I will send them.

If you have had this happen to you, I'd like to know about it.......

The JS.IEStart trojan is also known as VBS.Passon (CA), VBS.PassOn (NAV) VBS/IEstart.gen.

While
it is not destructive, I object strongly to other companies adding
sites to My Favourites and altering the default home page without my
permission or knowledge. If I hadn't had my AV program running in the
background, I probably never would have figured out where this script
came from. I have since then copied the scripts, along with appropriate
screenshots pending further action.

It is an invasive,
disgusting marketing tactic that only serves to irritate visitors; and
it helps give the web marketing industry a bad name. I am sure the
company I was redirected to will be interested in knowing that their
advertising cash is being spent on a marketing firm who uses, in my
opinion, illegitimate means to send visitors to them. It is a waste of
their money as they are recieving traffic that is not targeted - what
is known as "garbage traffic".

To the companies that incorporate
this type of ploy as part of their "bleeding edge" marketing technology
- "may you live in interesting times"! You will be caught out!

It's
bad enough that we have to travel the 'net with our AV programs and
firewalls on "paranoid" mode - do we now have to have "pop up killers"
running all the time as well?